Effective Date: October 4, 2025 | Updated for Anonymous Barrier Tracking System
1. Information We Collect
Personal Information
When you participate in our interactive poll and express interest in IgniteSpaces, we collect the following information:
- Email Address: To send you poll results, updates about IgniteSpaces, and respond to inquiries
- Class Type (Optional): The type of fitness or martial arts class you'd like to run
- Barrier Selections: Your selected barriers to starting your own studio (up to 3 choices)
- Poll Engagement Data: How you interact with our barrier assessment poll
Automatically Collected Information
We automatically collect certain technical information when you visit our website:
Basic Technical Data
- Browser type and version
- Operating system
- Screen resolution and device type (mobile/desktop)
- Pages visited and time spent on site
- Referring website (if applicable)
- General geographic location (anonymized to region level only)
Anonymous Behavioral Analytics
To improve user experience and understand visitor needs, we collect anonymous behavioral data including:
- Anonymous Page Views: Basic page visits tracked without consent requirement (GDPR Article 6(f) legitimate interest)
- Page Interaction: Scroll depth, time spent in different sections, click patterns
- Content Engagement: Which FAQ questions you expand, practice types you click on
- Form Behavior: Which form fields you focus on (without recording what you type)
- Button Interactions: Hover time on call-to-action buttons, click events
- Navigation Patterns: How you move through the site, exit points
- Interactive Poll Data: Barrier selections from our instructor challenges poll, poll completion rates, selection patterns
- Anonymous Barrier Selections: Barrier choices tracked immediately when selected (before email submission) for interest analysis
- Session Data: Visit duration, return visits, tab visibility changes
- Bot Detection: Automated filtering to distinguish human visitors from crawlers and bots
Privacy-First Data Collection
Important: All behavioral data is collected anonymously using privacy-safe methods:
- No Personal Identification: Behavioral data cannot be linked to your identity
- IP Address Anonymization: Only first 3 segments stored (e.g., 192.168.1.xxx)
- Session-Based Tracking: Uses anonymous session IDs, not personal identifiers
- No Cross-Site Tracking: Data collection limited to ignitespaces.fit only
- Consent-Free Pageviews: Anonymous page visits tracked without cookies (GDPR Article 6(f) legitimate interest)
- Bot Filtering: Advanced detection prevents non-human traffic from skewing analytics
- Data Minimization: User agent strings truncated, only essential data collected
- Automatic Expiration: Anonymous session data expires after 24-48 hours
2. How We Use Your Information
Personal Information Uses
We use your personal information (name, email, etc.) for:
- Service Delivery: To provide information about IgniteSpaces and notify you when spaces become available in your area
- Communication: To respond to your inquiries and send relevant updates about our services
- Business Intelligence: To understand demand patterns and prioritize new location development
- Legal Compliance: To comply with applicable laws and regulations
Anonymous Behavioral Data Uses
We use anonymous behavioral analytics to:
- User Experience Optimization: Identify which content sections are most engaging and helpful
- Conversion Analysis: Understand what prevents visitors from expressing interest
- Content Strategy: Determine which FAQ questions are most important to visitors
- Barrier Research: Analyze poll responses to understand instructor pain points
- Technical Performance: Optimize page load times and mobile experience
- Product Development: Shape IgniteSpaces features based on demonstrated user needs
- Marketing Effectiveness: Measure which content and messaging resonates most
- Analytics Alignment: Compare internal metrics with third-party analytics (Google Analytics) for accuracy
- Traffic Quality: Distinguish human visitors from bot traffic for better insights
📊 Why We Track Anonymous Pageviews
To ensure accurate visitor analytics and align with Google Analytics reporting, we track basic page visits without requiring consent. This helps us:
- Understand true visitor numbers vs. cookie-consented users
- Measure actual website reach and marketing effectiveness
- Calculate consent rates and optimize privacy user experience
- Identify and filter bot traffic for cleaner data
This anonymous tracking complies with GDPR Article 6(f) legitimate interest and involves no personal data or cross-site tracking.
Data Separation: Personal information and anonymous behavioral data are stored separately and cannot be combined to identify individuals.
3. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
Service Providers
We work with trusted third-party service providers who assist us in operating our website and conducting our business. All providers are carefully vetted for security and privacy compliance:
Core Infrastructure
- Microsoft Azure:
- Static Web Apps hosting with enterprise security
- Azure Tables for secure data storage
- Functions for serverless API processing
- Subject to Microsoft's Enterprise Privacy Statement
Data Storage
- Azure Table Storage:
- Secure storage of form submissions and analytics data
- Microsoft Azure infrastructure with enterprise-grade security
- Subject to Microsoft's Privacy Policy
Analytics and Insights
- Google Analytics 4:
- Website traffic and user behavior analytics
- IP anonymization enabled
- Data sharing with Google disabled
- Subject to Google's Privacy Policy
- Google Ads Conversion Tracking:
- Tracks form submissions as conversions for advertising effectiveness
- Uses consent-based tracking (requires user acceptance)
- No personal data shared beyond conversion events
- Subject to Google's Privacy Policy and Ads Data Processing Terms
- Meta Pixel (Facebook):
- Tracks website interactions for advertising optimization
- Requires explicit user consent via cookie banner
- Subject to Meta's Privacy Policy
- Internal Analytics System:
- Custom behavioral analytics stored in Azure
- Fully anonymous and privacy-first design
- No third-party data sharing
Data Processing Agreements
All service providers have signed Data Processing Agreements (DPAs) ensuring GDPR compliance and appropriate data protection standards.
Legal Requirements
We may disclose your information if required by law or in response to valid legal processes.
3A. Anonymous Behavioral Analytics
Our Commitment to Privacy-First Analytics: We believe in understanding user needs without compromising privacy. Our behavioral analytics system is designed with privacy-by-default principles.
What We Track (Anonymously)
Our behavioral analytics help us understand how to better serve instructor needs:
User Journey Analytics
- Page Engagement: How long visitors spend reading different sections
- Content Preferences: Which practice types generate the most interest
- Information Seeking: Most frequently accessed FAQ questions
- Navigation Patterns: How visitors move through the site
- Conversion Funnel: Where visitors typically drop off in the interest process
User Experience Optimization
- Technical Performance: Page load times and mobile experience
- Form Usability: Which form fields cause hesitation (without recording content)
- Button Effectiveness: How long visitors consider call-to-action buttons
- Content Hierarchy: Scroll depth and reading patterns
Market Research (Anonymous Polls)
- Barrier Identification: What prevents instructors from starting studios
- Feature Prioritization: Which IgniteSpaces features matter most
- Market Validation: Demand patterns by specialty and region
Privacy-Safe Implementation
How we ensure your privacy while gathering insights:
Technical Privacy Measures
- No Personal Identifiers: Behavioral data uses anonymous session IDs only
- IP Address Hashing: Geographic insights without personal identification
- Data Minimization: We collect only what's necessary for legitimate insights
- Automatic Expiration: All behavioral data automatically deleted after 12 months
Data Isolation
- Separate Systems: Personal information and behavioral data stored independently
- No Linking: Technical safeguards prevent combining datasets
- Aggregated Reporting: Individual sessions never reviewed, only patterns
- Team Access: Only authorized personnel can access aggregated analytics
Benefits to You
This anonymous data collection helps us:
- Improve User Experience: Make the site easier and faster to use
- Address Real Needs: Build features that solve actual instructor problems
- Optimize Content: Focus on information that's most helpful
- Reduce Barriers: Identify and eliminate obstacles to instructor success
- Prioritize Development: Build IgniteSpaces locations where they're most needed
Your Control
You maintain full control over anonymous data collection:
- Voluntary Participation: All polls and surveys are optional
- Browser Controls: Disable JavaScript or use "Do Not Track" to opt out
- No Impact: Opting out doesn't affect your ability to use our services
- Transparency: Full technical documentation available on request
4. Data Security
We implement comprehensive security measures following OWASP (Open Web Application Security Project) best practices:
Data Protection
- Encryption in Transit: All data transmission uses TLS 1.3 encryption
- Encryption at Rest: Data stored in Azure Tables with enterprise-grade encryption
- HTTPS Enforcement: All connections automatically redirected to secure HTTPS
- Secure Headers: Implementation of HSTS, CSP, and other security headers
Input Security
- Input Validation: All user inputs validated and sanitized
- XSS Prevention: Cross-site scripting protection on all endpoints
- Injection Prevention: Protection against SQL injection and other attacks
- Rate Limiting: Protection against denial-of-service attacks
Privacy Protection
- IP Anonymization: IP addresses hashed for privacy (xxx.xxx.xxx.xxx format)
- Session Security: Crypto-based anonymous session IDs
- No Cross-Site Tracking: Strict origin validation prevents unauthorized access
- Data Separation: Personal and behavioral data stored separately
Infrastructure Security
- Microsoft Azure: Enterprise-grade cloud security and compliance
- Access Controls: Multi-factor authentication and least-privilege access
- Regular Monitoring: Automated security monitoring and alerting
- Vulnerability Management: Regular security assessments and updates
Enhanced Security (October 2025 Updates)
🔐 A+ Security Grade Implementation
- HSTS Headers: HTTP Strict Transport Security with 1-year max-age and preload
- Enhanced CSP: Content Security Policy updated for Meta Pixel and Facebook domains
- Bot Protection: Advanced detection and filtering of automated traffic
- Rate Limiting: API endpoints protected against abuse with exponential backoff
- Input Sanitization: All user inputs validated, sanitized, and length-limited
- Honeypot Fields: Anti-spam protection in all forms
- CSRF Protection: Origin validation and request signing
Compliance Standards
- OWASP Top 10 2021: Full compliance with latest web security standards
- GDPR Compliance: Privacy-by-design principles for EU residents
- CCPA Compliance: California Consumer Privacy Act requirements
- SOC 2 Type II: Azure infrastructure meets enterprise security standards
- PCI DSS Ready: Security framework ready for payment processing
5. Your Rights and Choices
Personal Information Rights
Access and Correction
You have the right to access and update your personal information. Contact us to request access or corrections.
Data Deletion
You may request deletion of your personal information at any time. Some information may be retained for legal or business purposes as required by law.
Communication Preferences
You can unsubscribe from our communications at any time by clicking the unsubscribe link in our emails or contacting us directly.
Anonymous Data Collection Rights
Behavioral Analytics Opt-Out
While our behavioral analytics are anonymous and privacy-safe, you can still opt out:
- Browser Settings: Disable JavaScript to prevent behavioral tracking
- Do Not Track: We honor browser "Do Not Track" signals
- Ad Blockers: Most ad blockers will prevent analytics collection
- Contact Us: Email us to request exclusion from analytics
Poll Participation
All poll responses are voluntary and anonymous. You can choose not to participate in any polls or surveys.
Cookie and Local Storage Controls
You can control cookies and local storage through your browser settings:
- Essential Function: We use minimal local storage for visit tracking (privacy-safe)
- Analytics Cookies: Google Analytics cookies can be disabled via browser settings
- Advertising Cookies: Google Ads and Meta Pixel cookies require explicit consent
- Consent Management: Use our cookie banner to control marketing tracking preferences
Technical Transparency
Our commitment to privacy transparency:
- Open Source Security: Security practices documented in our repository
- Data Minimization: We collect only what's necessary for legitimate purposes
- No Third-Party Sharing: Anonymous behavioral data stays internal
- Regular Audits: We regularly review data collection practices
6. Data Retention
We retain your information for as long as necessary to provide our services and comply with legal obligations:
Personal Information
- Contact Information: Until you request deletion or unsubscribe
- Form Submissions: Up to 24 months for business follow-up purposes
- Communication Records: Retained for business and legal compliance purposes
Anonymous Analytics Data
- Behavioral Events: 12 months (for user experience optimization)
- Poll Responses: 12 months (for product development insights)
- Website Analytics: Up to 26 months (Google Analytics standard)
- Technical Logs: 90 days (for security and performance monitoring)
Data Minimization
We automatically purge data when retention periods expire and regularly review our data storage to ensure we only keep what's necessary for legitimate business purposes.
7. Children's Privacy
IgniteSpaces is intended for use by adults (18+) and wellness professionals. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it immediately.
8. International Data Transfers
Your information may be processed and stored in the United States. By using our services, you consent to the transfer of your information to the United States, which may have different privacy laws than your country of residence.
9. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any information.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:
- Posting the updated policy on our website
- Sending email notification to registered users
- Updating the "Effective Date" at the top of this policy
11. Contact Information
Questions about this Privacy Policy?
We're here to help. Contact us at:
Email: privacy@ignitespaces.fit
General Inquiries: hello@ignitespaces.fit
Mailing Address:
IgniteSpaces Privacy Team
Green Bay, WI
We typically respond to privacy inquiries within 48 hours.
12. GDPR Compliance (EU Residents)
If you are a resident of the European Union, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your personal data
- Right to Portability: Request transfer of your data to another service
- Right to Object: Object to processing of your personal data
- Right to Restrict Processing: Request limitation of data processing
To exercise these rights, please contact us using the information provided above.